Security vulnerability found in Samsung printers

US-CERT warns that printer firmware contains a backdoor administrator account


The United States Computer Emergency Readiness Team (US-CERT), part of the National Cyber Security Division of the Department of Homeland Security, has reported a vulnerability in certain Samsung printers that could allow a remote attacker to take control of an affected device.

According to a newly released vulnerability report, Samsung printers, as well as some Dell printers manufactured by Samsung, contain a hardcoded SNMP full read-write community string that remains active even when SNMP is disabled in the printer management utility. In plain English, there is a backdoor administrator account embedded in the printer's firmware that could enable a hacker to remotely control the device. 

Thus, a remote, unauthenticated attacker could access an affected device with administrative privileges. That would grant the hacker the ability to make changes to the device configuration, access sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution, US-CERT says.

Samsung and Dell have stated that models released after October 31, 2012 are not affected by this vulnerability. The companies have also indicated they will be releasing a patch tool later this year to address vulnerable devices.

As a general good security practice, US-CERT recommends that businesses only allow connections to printers from trusted hosts and networks. "Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location.," the report says.